Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: monoman on August 18, 2022, 07:10:39 AM
-
Hiya
I've been running an SME 10 production server on a Proxmox 7.1 since last Christmas. I set the SME 10 VM up as the first device to start as it is both the network gateway and DHCP host for the other vm on the main node.
I doubt this is the best arrangement. Could someone suggest a better way of setting up SME in server-gateway mode without it having to be the first device at startup.
-
This is a good way to do. SME has been designed exactly to do that on a bare metal machine, and you just transposed this on VM, with proxmox acting as a supervisor and as a network switch.
Some people will want to implement another VM dedicated for the front firewall, but SME is able to handle it as long as you do not need to had some really specific needs for your LAN (like multiple zones)
However without any firewall distro you could also choose to implement the network and firewall at the level of Proxmox. It is able to handle a global firewall and a per VM.
I tends to say KISS is better. So stay with what fill your needs.
-
Add a pi hole for DNS :-)
You can also slap some Prox firewalling on if you want. Can keep the SME log noise down a bit.
But think is the same as a lot of us do.
Also:
https://wiki.koozali.org/Qemu_guest_agent
-
Add a pi hole for DNS :-)
https://wiki.koozali.org/Qemu_guest_agent
I did consider pi hole but thought I'd skip that.
I am using the qemu guest agent.
-
Pi-hole is pretty neat - runs happily in a container. Just choose your DNS IP poison of choice.
There is a thread here somewhere about blocklists and how not to overload them as well - worth a read and look at the scripts.